General
-
Target
Packages.exe
-
Size
59KB
-
MD5
7d313b341d1f19a797a6089cd242ddcf
-
SHA1
d940e8e7e09b67113073d33b0868f32a02714aed
-
SHA256
0bf078a7effac2ec0f379acb4337792d953bc4e4a47be515cf036142eb2c92a3
-
SHA512
0d3f168a6f03eb243e915f554be65add01d15cb49f0784d935636bd00027a745ccc74dc23f4bdb08d895ccaadc5d09ca7ba4202d90e2e813825010fc30a7d09d
-
SSDEEP
768:VBdedPIeqEW1S+QOMaZs43t6WXkZk7bckhgSY1siCwE68qO5NhRz4zHv0nd:TdIv6SoiVWXP7bco11lj68qO5N/qHqd
Score
10/10
Malware Config
Extracted
Family
xworm
C2
Ironthing-22901.portmap.host:22901
field-clark.gl.at.ply.gg:22901
Attributes
-
Install_directory
%AppData%
-
install_file
Packages.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
Packages.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections